ElasticSearch、kibana设置账户密码;ElasticSearch对外访问

前言

今天在linux服务器上搭建elasticsearch索引库,但这段时间正在搞护网行动,所以elasticsearch和kibana就不能裸奔了,所以这篇文章我写了如何设置账户密码

  • elasticsearch 使用版本7.6.2
  • kibana 使用版本7.6.2

1. 设置elasticsearch账户密码,并且允许外部访问

  • 生成CA证书 bin目录下执行
# 如果不配置证书的话启动elasticsearch会报这个错
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: No available authentication scheme
 ./elasticsearch-certutil ca
 # 提示设置密码直接回车就行

在这里插入图片描述

cd ..
ls #这里在elasticsearch根目录已经可以看到 elastic-stack-ca.p12这个文件了

在这里插入图片描述

  • 然后使用刚刚生成的证书,生成p12秘钥 ,进入bin目录执行
./elasticsearch-certutil cert --ca /usr/local/elk/elasticsearch-7.6.2/elastic-stack-ca.p12
 # 提示设置密码直接回车就行

在这里插入图片描述
回到elasticsearch根目录,可以看到生成了elastic-certificates.p12这个文件
在这里插入图片描述

# 进入/elasticsearch
cd /config
mkdir certs
cp /usr/local/elk/elasticsearch-7.6.2/elastic-certificates.p12 certs #拷贝
  • 修改 elasticsearch.yml
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#

# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#transport.host: localhost
#transport.tcp.port: 9300
#
# For more information, consult the network module documentation.
#
# ---------------------------------- Discovery -----------------------------------
cluster.initial_master_nodes: ["node-1"]

xpack.security.enabled: true
#xpack.licence.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

修改完配置文件之后重新启动elasticsearch

./elasticsearch-setup-passwords interactive # 在elasticsearch/bin目录下执行该命令,设置密码

在这里插入图片描述
将elasticsearch的9200端口对外开放,这里我直接关闭防火墙

systemctl stop firewalld

下图所示,这里我外部已经可以访问9200了,并且访问需要账号密码

在这里插入图片描述
外部访问成功
在这里插入图片描述

2. 设置kibana账户密码

  • 编辑 kibana.yml
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://localhost:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "123546"

重新启动kibana ,访问已经需要登录了
在这里插入图片描述

3. logstash配置账号密码

output {
  elasticsearch {
	hosts => ["http://127.0.0.1:9200"]
    user => "elastic"
    passwrod => "123456"
	index => "%{[fields][servicename]}-%{+yyyy.MM.dd}"
  }
}
评论 1 您还未登录,请先 登录 后发表或查看评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
©️2022 CSDN 皮肤主题:我行我“速” 设计师:Amelia_0503 返回首页

打赏作者

fate急速出击

你的鼓励将是我创作的最大动力

¥2 ¥4 ¥6 ¥10 ¥20
输入1-500的整数
余额支付 (余额:-- )
扫码支付
扫码支付:¥2
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值